"How To Deal With the Vagueness in New Cyber Regulations"
This year, regulatory bodies at all levels of government have issued stricter privacy and disclosure requirements and penalties, crafted with ambiguous language and vague guidelines, leaving cybersecurity teams buried in liability and without a clear path to compliance. Recent Securities and Exchange Commission (SEC) guidelines on cyber incident disclosure are an example of the confusion that vague regulatory language can cause. Adam Shostack, a cybersecurity expert, observes that the rules are widely misinterpreted. Shostack considers the requirement for transparency to be generally positive, but it is essential to note that disclosure is required within four days of determining that a breach is material, not within four days of discovering the breach. As Shostack emphasizes, many people fail to recognize this distinction. This article continues to discuss the vagueness of new cyber regulations.
Dark Reading reports "How To Deal With the Vagueness in New Cyber Regulations"